

<!DOCTYPE html>
<html class="writer-html5" lang="en" >
<head>
  <meta charset="utf-8" />
  <meta name="generator" content="Docutils 0.19: https://docutils.sourceforge.io/" />

  <meta name="viewport" content="width=device-width, initial-scale=1.0" />
  
  <title>LDAP 认证 &mdash; Ceph Documentation</title>
  

  
  <link rel="stylesheet" href="../../_static/ceph.css" type="text/css" />
  <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
  <link rel="stylesheet" href="../../_static/pygments.css" type="text/css" />
  <link rel="stylesheet" href="../../_static/ceph.css" type="text/css" />
  <link rel="stylesheet" href="../../_static/graphviz.css" type="text/css" />
  <link rel="stylesheet" href="../../_static/css/custom.css" type="text/css" />

  
  

  
  

  

  
  <!--[if lt IE 9]>
    <script src="../../_static/js/html5shiv.min.js"></script>
  <![endif]-->
  
    
      <script type="text/javascript" id="documentation_options" data-url_root="../../" src="../../_static/documentation_options.js"></script>
        <script src="../../_static/jquery.js"></script>
        <script src="../../_static/_sphinx_javascript_frameworks_compat.js"></script>
        <script data-url_root="../../" id="documentation_options" src="../../_static/documentation_options.js"></script>
        <script src="../../_static/doctools.js"></script>
        <script src="../../_static/sphinx_highlight.js"></script>
    
    <script type="text/javascript" src="../../_static/js/theme.js"></script>

    
    <link rel="index" title="Index" href="../../genindex/" />
    <link rel="search" title="Search" href="../../search/" />
    <link rel="next" title="加密" href="../encryption/" />
    <link rel="prev" title="压缩" href="../compression/" /> 
</head>

<body class="wy-body-for-nav">

   
  <header class="top-bar">
    <div role="navigation" aria-label="Page navigation">
  <ul class="wy-breadcrumbs">
      <li><a href="../../" class="icon icon-home" aria-label="Home"></a></li>
          <li class="breadcrumb-item"><a href="../">Ceph 对象网关</a></li>
      <li class="breadcrumb-item active">LDAP 认证</li>
      <li class="wy-breadcrumbs-aside">
            <a href="../../_sources/radosgw/ldap-auth.rst.txt" rel="nofollow"> View page source</a>
      </li>
  </ul>
  <hr/>
</div>
  </header>
  <div class="wy-grid-for-nav">
    
    <nav data-toggle="wy-nav-shift" class="wy-nav-side">
      <div class="wy-side-scroll">
        <div class="wy-side-nav-search"  style="background: #eee" >
          

          
            <a href="../../" class="icon icon-home"> Ceph
          

          
          </a>

          

          
<div role="search">
  <form id="rtd-search-form" class="wy-form" action="../../search/" method="get">
    <input type="text" name="q" placeholder="Search docs" aria-label="Search docs" />
    <input type="hidden" name="check_keywords" value="yes" />
    <input type="hidden" name="area" value="default" />
  </form>
</div>

          
        </div>

        
        <div class="wy-menu wy-menu-vertical" data-spy="affix" role="navigation" aria-label="main navigation">
          
            
            
              
            
            
              <ul class="current">
<li class="toctree-l1"><a class="reference internal" href="../../start/">Ceph 简介</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../install/">安装 Ceph</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../cephadm/">Cephadm</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../rados/">Ceph 存储集群</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../cephfs/">Ceph 文件系统</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../rbd/">Ceph 块设备</a></li>
<li class="toctree-l1 current"><a class="reference internal" href="../">Ceph 对象网关</a><ul class="current">
<li class="toctree-l2"><a class="reference internal" href="../frontends/">HTTP 前端</a></li>
<li class="toctree-l2"><a class="reference internal" href="../multisite/">多站配置</a></li>
<li class="toctree-l2"><a class="reference internal" href="../zone-features/">域的功能</a></li>
<li class="toctree-l2"><a class="reference internal" href="../placement/">存储池归置与存储类</a></li>
<li class="toctree-l2"><a class="reference internal" href="../multisite-sync-policy/">多站同步策略配置</a></li>
<li class="toctree-l2"><a class="reference internal" href="../pools/">存储池的配置</a></li>
<li class="toctree-l2"><a class="reference internal" href="../config-ref/">配置参考</a></li>
<li class="toctree-l2"><a class="reference internal" href="../admin/">管理指南</a></li>
<li class="toctree-l2"><a class="reference internal" href="../account/">用户账户</a></li>
<li class="toctree-l2"><a class="reference internal" href="../s3/">S3 API</a></li>
<li class="toctree-l2"><a class="reference internal" href="../iam/">IAM API</a></li>
<li class="toctree-l2"><a class="reference internal" href="../rgw-cache/">数据缓存和 CDN</a></li>
<li class="toctree-l2"><a class="reference internal" href="../swift/">Swift API</a></li>
<li class="toctree-l2"><a class="reference internal" href="../adminops/">管理操作 API</a></li>
<li class="toctree-l2"><a class="reference internal" href="../api/">Python 接口</a></li>
<li class="toctree-l2"><a class="reference internal" href="../nfs/">通过 NFS 导出</a></li>
<li class="toctree-l2"><a class="reference internal" href="../keystone/">与 OpenStack Keystone 对接</a></li>
<li class="toctree-l2"><a class="reference internal" href="../barbican/">与 OpenStack Barbican 对接</a></li>
<li class="toctree-l2"><a class="reference internal" href="../vault/">与 HashiCorp Vault 对接</a></li>
<li class="toctree-l2"><a class="reference internal" href="../kmip/">与 KMIP 对接</a></li>
<li class="toctree-l2"><a class="reference internal" href="../opa/">与 Open Policy Agent 对接</a></li>
<li class="toctree-l2"><a class="reference internal" href="../multitenancy/">多租户</a></li>
<li class="toctree-l2"><a class="reference internal" href="../compression/">压缩</a></li>
<li class="toctree-l2 current"><a class="current reference internal" href="#">LDAP 认证</a><ul>
<li class="toctree-l3"><a class="reference internal" href="#id1">它是怎么运作的</a></li>
<li class="toctree-l3"><a class="reference internal" href="#id2">必备条件</a></li>
<li class="toctree-l3"><a class="reference internal" href="#id3">健全性检查</a></li>
<li class="toctree-l3"><a class="reference internal" href="#ceph-ldap">配置得让 Ceph 对象网关使用 LDAP 认证</a></li>
<li class="toctree-l3"><a class="reference internal" href="#id4">使用自定义搜索过滤器来限制用户访问</a><ul>
<li class="toctree-l4"><a class="reference internal" href="#id5">指定局部过滤器来进一步限制构建好的搜索过滤器</a></li>
<li class="toctree-l4"><a class="reference internal" href="#id6">指定一个完整过滤器</a></li>
</ul>
</li>
<li class="toctree-l3"><a class="reference internal" href="#id7">生成 LDAP 认证所需的访问令牌</a></li>
<li class="toctree-l3"><a class="reference internal" href="#id8">使用访问令牌</a></li>
</ul>
</li>
<li class="toctree-l2"><a class="reference internal" href="../encryption/">服务器端加密</a></li>
<li class="toctree-l2"><a class="reference internal" href="../bucketpolicy/">桶策略</a></li>
<li class="toctree-l2"><a class="reference internal" href="../dynamicresharding/">动态的桶索引重分片</a></li>
<li class="toctree-l2"><a class="reference internal" href="../mfa/">多因子认证</a></li>
<li class="toctree-l2"><a class="reference internal" href="../sync-modules/">同步模块</a></li>
<li class="toctree-l2"><a class="reference internal" href="../notifications/">Bucket Notifications</a></li>
<li class="toctree-l2"><a class="reference internal" href="../layout/">RADOS 中的数据布局</a></li>
<li class="toctree-l2"><a class="reference internal" href="../STS/">STS</a></li>
<li class="toctree-l2"><a class="reference internal" href="../STSLite/">STS Lite</a></li>
<li class="toctree-l2"><a class="reference internal" href="../keycloak/">Keycloak</a></li>
<li class="toctree-l2"><a class="reference internal" href="../session-tags/">Session Tags</a></li>
<li class="toctree-l2"><a class="reference internal" href="../role/">Role</a></li>
<li class="toctree-l2"><a class="reference internal" href="../orphans/">Orphan List and Associated Tooliing</a></li>
<li class="toctree-l2"><a class="reference internal" href="../oidc/">OpenID Connect Provider</a></li>
<li class="toctree-l2"><a class="reference internal" href="../troubleshooting/">故障排除</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../man/8/radosgw/">radosgw 手册页</a></li>
<li class="toctree-l2"><a class="reference internal" href="../../man/8/radosgw-admin/">radosgw-admin 手册页</a></li>
<li class="toctree-l2"><a class="reference internal" href="../qat-accel/">使用 QAT 为加密和压缩提速</a></li>
<li class="toctree-l2"><a class="reference internal" href="../s3select/">S3-select</a></li>
<li class="toctree-l2"><a class="reference internal" href="../lua-scripting/">Lua Scripting</a></li>
<li class="toctree-l2"><a class="reference internal" href="../d3n_datacache/">D3N Data Cache</a></li>
<li class="toctree-l2"><a class="reference internal" href="../cloud-transition/">Cloud Transition</a></li>
<li class="toctree-l2"><a class="reference internal" href="../metrics/">Metrics</a></li>
<li class="toctree-l2"><a class="reference internal" href="../uadk-accel/">UADK Acceleration for Compression</a></li>
<li class="toctree-l2"><a class="reference internal" href="../bucket_logging/">桶的日志记录</a></li>
</ul>
</li>
<li class="toctree-l1"><a class="reference internal" href="../../mgr/">Ceph 管理器守护进程</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../mgr/dashboard/">Ceph 仪表盘</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../monitoring/">监控概览</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../api/">API 文档</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../architecture/">体系结构</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../dev/developer_guide/">开发者指南</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../dev/internals/">Ceph 内幕</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../governance/">项目管理</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../foundation/">Ceph 基金会</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../ceph-volume/">ceph-volume</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../releases/general/">Ceph 版本（总目录）</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../releases/">Ceph 版本（索引）</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../security/">Security</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../hardware-monitoring/">硬件监控</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../glossary/">Ceph 术语</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../jaegertracing/">Tracing</a></li>
<li class="toctree-l1"><a class="reference internal" href="../../translation_cn/">中文版翻译资源</a></li>
</ul>

            
          
        </div>
        
      </div>
    </nav>

    <section data-toggle="wy-nav-shift" class="wy-nav-content-wrap">

      
      <nav class="wy-nav-top" aria-label="top navigation">
        
          <i data-toggle="wy-nav-top" class="fa fa-bars"></i>
          <a href="../../">Ceph</a>
        
      </nav>


      <div class="wy-nav-content">
        
        <div class="rst-content">
        
          <div role="main" class="document" itemscope="itemscope" itemtype="http://schema.org/Article">
           <div itemprop="articleBody">
            
<div id="dev-warning" class="admonition note">
  <p class="first admonition-title">Notice</p>
  <p class="last">This document is for a development version of Ceph.</p>
</div>
  <div id="docubetter" align="right" style="padding: 5px; font-weight: bold;">
    <a href="https://pad.ceph.com/p/Report_Documentation_Bugs">Report a Documentation Bug</a>
  </div>

  
  <section id="ldap">
<h1>LDAP 认证<a class="headerlink" href="#ldap" title="Permalink to this heading"></a></h1>
<div class="versionadded">
<p><span class="versionmodified added">New in version Jewel.</span></p>
</div>
<p>You can delegate the Ceph Object Gateway authentication to an LDAP server.</p>
<section id="id1">
<h2>它是怎么运作的<a class="headerlink" href="#id1" title="Permalink to this heading"></a></h2>
<p>The Ceph Object Gateway extracts the users LDAP credentials from a token. A
search filter is constructed with the user name. The Ceph Object Gateway uses
the configured service account to search the directory for a matching entry. If
an entry is found, the Ceph Object Gateway attempts to bind to the found
distinguished name with the password from the token. If the credentials are
valid, the bind will succeed, and the Ceph Object Gateway will grant access and
radosgw-user will be created with the provided username.</p>
<p>You can limit the allowed users by setting the base for the search to a
specific organizational unit or by specifying a custom search filter, for
example requiring specific group membership, custom object classes, or
attributes.</p>
<p>The LDAP credentials must be available on the server to perform the LDAP
authentication. Make sure to set the <code class="docutils literal notranslate"><span class="pre">rgw</span></code> log level low enough to hide the
base-64-encoded credentials / access tokens.</p>
</section>
<section id="id2">
<h2>必备条件<a class="headerlink" href="#id2" title="Permalink to this heading"></a></h2>
<ul class="simple">
<li><p><strong>LDAP or Active Directory:</strong> A running LDAP instance accessible by the Ceph
Object Gateway</p></li>
<li><p><strong>Service account:</strong> LDAP credentials to be used by the Ceph Object Gateway
with search permissions</p></li>
<li><p><strong>User account:</strong> At least one user account in the LDAP directory</p></li>
<li><p><strong>Do not overlap LDAP and local users:</strong> You should not use the same user
names for local users and for users being authenticated by using LDAP. The
Ceph Object Gateway cannot distinguish them and it treats them as the same
user.</p></li>
</ul>
</section>
<section id="id3">
<h2>健全性检查<a class="headerlink" href="#id3" title="Permalink to this heading"></a></h2>
<p>Use the <code class="docutils literal notranslate"><span class="pre">ldapsearch</span></code> utility to verify the service account or the LDAP connection:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="c1"># ldapsearch -x -D &quot;uid=ceph,ou=system,dc=example,dc=com&quot; -W \</span>
<span class="o">-</span><span class="n">H</span> <span class="n">ldaps</span><span class="p">:</span><span class="o">//</span><span class="n">example</span><span class="o">.</span><span class="n">com</span> <span class="o">-</span><span class="n">b</span> <span class="s2">&quot;ou=users,dc=example,dc=com&quot;</span> <span class="s1">&#39;uid=*&#39;</span> <span class="n">dn</span>
</pre></div>
</div>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>Make sure to use the same LDAP parameters like in the Ceph configuration file to
eliminate possible problems.</p>
</div>
</section>
<section id="ceph-ldap">
<h2>配置得让 Ceph 对象网关使用 LDAP 认证<a class="headerlink" href="#ceph-ldap" title="Permalink to this heading"></a></h2>
<p>The following parameters in the Ceph configuration file are related to the LDAP
authentication:</p>
<ul class="simple">
<li><p><code class="docutils literal notranslate"><span class="pre">rgw_s3_auth_use_ldap</span></code>: Set this to <code class="docutils literal notranslate"><span class="pre">true</span></code> to enable S3 authentication with LDAP</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">rgw_ldap_uri</span></code>:  Specifies the LDAP server to use. Make sure to use the
<code class="docutils literal notranslate"><span class="pre">ldaps://&lt;fqdn&gt;:&lt;port&gt;</span></code> parameter to not transmit clear text credentials
over the wire.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">rgw_ldap_binddn</span></code>: The Distinguished Name (DN) of the service account used
by the Ceph Object Gateway</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">rgw_ldap_secret</span></code>: Path to file containing credentials for <code class="docutils literal notranslate"><span class="pre">rgw_ldap_binddn</span></code></p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">rgw_ldap_searchdn</span></code>: Specifies the base in the directory information tree
for searching users. This might be your users organizational unit or some
more specific Organizational Unit (OU).</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">rgw_ldap_dnattr</span></code>: The attribute being used in the constructed search
filter to match a username. Depending on your Directory Information Tree
(DIT) this would probably be <code class="docutils literal notranslate"><span class="pre">uid</span></code> or <code class="docutils literal notranslate"><span class="pre">cn</span></code>. The generated filter string
will be, e.g., <code class="docutils literal notranslate"><span class="pre">cn=some_username</span></code>.</p></li>
<li><p><code class="docutils literal notranslate"><span class="pre">rgw_ldap_searchfilter</span></code>: If not specified, the Ceph Object Gateway
automatically constructs the search filter with the <code class="docutils literal notranslate"><span class="pre">rgw_ldap_dnattr</span></code>
setting. Use this parameter to narrow the list of allowed users in very
flexible ways. Consult the <em>Using a custom search filter to limit user access
section</em> for details</p></li>
</ul>
</section>
<section id="id4">
<h2>使用自定义搜索过滤器来限制用户访问<a class="headerlink" href="#id4" title="Permalink to this heading"></a></h2>
<p>There are two ways to use the <code class="docutils literal notranslate"><span class="pre">rgw_search_filter</span></code> parameter:</p>
<section id="id5">
<h3>指定局部过滤器来进一步限制构建好的搜索过滤器<a class="headerlink" href="#id5" title="Permalink to this heading"></a></h3>
<p>一个局部过滤器实例：</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="s2">&quot;objectclass=inetorgperson&quot;</span>
</pre></div>
</div>
<p>The Ceph Object Gateway will generate the search filter as usual with the
user name from the token and the value of <code class="docutils literal notranslate"><span class="pre">rgw_ldap_dnattr</span></code>. The constructed
filter is then combined with the partial filter from the <code class="docutils literal notranslate"><span class="pre">rgw_search_filter</span></code>
attribute. Depending on the user name and the settings the final search filter
might become:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="s2">&quot;(&amp;(uid=hari)(objectclass=inetorgperson))&quot;</span>
</pre></div>
</div>
<p>So user <code class="docutils literal notranslate"><span class="pre">hari</span></code> will only be granted access if he is found in the LDAP
directory, has an object class of <code class="docutils literal notranslate"><span class="pre">inetorgperson</span></code>, and did specify a valid
password.</p>
</section>
<section id="id6">
<h3>指定一个完整过滤器<a class="headerlink" href="#id6" title="Permalink to this heading"></a></h3>
<p>A complete filter must contain a <code class="docutils literal notranslate"><span class="pre">&#64;USERNAME&#64;</span></code> token which will be substituted
with the user name during the authentication attempt. The <code class="docutils literal notranslate"><span class="pre">rgw_ldap_dnattr</span></code>
parameter is not used anymore in this case. For example, to limit valid users
to a specific group, use the following filter:</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="s2">&quot;(&amp;(uid=@USERNAME@)(memberOf=cn=ceph-users,ou=groups,dc=mycompany,dc=com))&quot;</span>
</pre></div>
</div>
<div class="admonition note">
<p class="admonition-title">Note</p>
<p>Using the <code class="docutils literal notranslate"><span class="pre">memberOf</span></code> attribute in LDAP searches requires server side
support from you specific LDAP server implementation.</p>
</div>
</section>
</section>
<section id="id7">
<h2>生成 LDAP 认证所需的访问令牌<a class="headerlink" href="#id7" title="Permalink to this heading"></a></h2>
<p>The <code class="docutils literal notranslate"><span class="pre">radosgw-token</span></code> utility generates the access token based on the LDAP
user name and password. It will output a base-64 encoded string which is the
access token.</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="c1"># export RGW_ACCESS_KEY_ID=&quot;&lt;username&gt;&quot;</span>
<span class="c1"># export RGW_SECRET_ACCESS_KEY=&quot;&lt;password&gt;&quot;</span>
<span class="c1"># radosgw-token --encode</span>
</pre></div>
</div>
<div class="admonition important">
<p class="admonition-title">Important</p>
<p>访问令牌是个 base-64 编码的 JSON 数据结构，其内的 LDAP 凭证是明文。</p>
</div>
<p>Alternatively, users can also generate the token manually by base-64-encoding
this JSON snippet, if they do not have the <code class="docutils literal notranslate"><span class="pre">radosgw-token</span></code> tool installed.</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="p">{</span>
  <span class="s2">&quot;RGW_TOKEN&quot;</span><span class="p">:</span> <span class="p">{</span>
    <span class="s2">&quot;version&quot;</span><span class="p">:</span> <span class="mi">1</span><span class="p">,</span>
    <span class="s2">&quot;type&quot;</span><span class="p">:</span> <span class="s2">&quot;ldap&quot;</span><span class="p">,</span>
    <span class="s2">&quot;id&quot;</span><span class="p">:</span> <span class="s2">&quot;your_username&quot;</span><span class="p">,</span>
    <span class="s2">&quot;key&quot;</span><span class="p">:</span> <span class="s2">&quot;your_clear_text_password_here&quot;</span>
  <span class="p">}</span>
<span class="p">}</span>
</pre></div>
</div>
</section>
<section id="id8">
<h2>使用访问令牌<a class="headerlink" href="#id8" title="Permalink to this heading"></a></h2>
<p>Use your favorite S3 client and specify the token as the access key in your
client or environment variables.</p>
<div class="highlight-default notranslate"><div class="highlight"><pre><span></span><span class="c1"># export AWS_ACCESS_KEY_ID=&lt;base64-encoded token generated by radosgw-token&gt;</span>
<span class="c1"># export AWS_SECRET_ACCESS_KEY=&quot;&quot; # define this with an empty string, otherwise tools might complain about missing env variables.</span>
</pre></div>
</div>
<div class="admonition important">
<p class="admonition-title">Important</p>
<p>The access token is a base-64 encoded JSON struct and contains
the LDAP credentials as a clear text. DO NOT share it unless
you want to share your clear text password!</p>
</div>
</section>
</section>



<div id="support-the-ceph-foundation" class="admonition note">
  <p class="first admonition-title">Brought to you by the Ceph Foundation</p>
  <p class="last">The Ceph Documentation is a community resource funded and hosted by the non-profit <a href="https://ceph.io/en/foundation/">Ceph Foundation</a>. If you would like to support this and our other efforts, please consider <a href="https://ceph.io/en/foundation/join/">joining now</a>.</p>
</div>


           </div>
           
          </div>
          <footer><div class="rst-footer-buttons" role="navigation" aria-label="Footer">
        <a href="../compression/" class="btn btn-neutral float-left" title="压缩" accesskey="p" rel="prev"><span class="fa fa-arrow-circle-left" aria-hidden="true"></span> Previous</a>
        <a href="../encryption/" class="btn btn-neutral float-right" title="加密" accesskey="n" rel="next">Next <span class="fa fa-arrow-circle-right" aria-hidden="true"></span></a>
    </div>

  <hr/>

  <div role="contentinfo">
    <p>&#169; Copyright 2016, Ceph authors and contributors. Licensed under Creative Commons Attribution Share Alike 3.0 (CC-BY-SA-3.0).</p>
  </div>

   

</footer>
        </div>
      </div>

    </section>

  </div>
  

  <script type="text/javascript">
      jQuery(function () {
          SphinxRtdTheme.Navigation.enable(true);
      });
  </script>

  
  
    
   

</body>
</html>